India has emerged as the world’s most targeted country for cyberattacks, according to the Acronis Cyberthreats Report H1 2025, which highlights a dramatic surge in ransomware and AI-powered phishing campaigns. The findings reveal that 12.4% of monitored endpoints in India were affected, placing the country at the top of the global malware charts.
The biannual report, compiled from over one million Windows endpoints worldwide, underscores how cybercriminals are leveraging artificial intelligence to launch low-effort, high-reward attacks. Phishing alone accounted for 25% of all attacks globally and 52% of those targeting Managed Service Providers (MSPs) — a sharp 22% increase compared to last year.
“Even the least sophisticated attackers now have access to advanced AI capabilities,” said Gerald Beuchelt, CISO at Acronis. “They are using deepfakes and AI-driven impersonation to trick businesses. All it takes is one mistake to compromise an entire organization.”
Why India is on Top
India’s rapid digitalization, thriving IT services sector, and expanding manufacturing base have made it an attractive target for global ransomware groups such as Cl0p, Akira, and Qlin. The manufacturing industry alone accounted for 15% of all global ransomware cases, with Indian firms increasingly in the crosshairs due to their strategic importance under the Make in India initiative.
Collaboration applications are also proving to be a weak link. Phishing incidents on platforms like Microsoft Teams and Slack surged from 9% to 30.5% in early 2025, while advanced email threats — including spoofed and payload-less attacks — rose from 9% to 24.5%.
“India’s growing digital economy expands its attack surface,” noted Rajesh Chhabra, GM, India & South Asia at Acronis. “Ransomware targeting manufacturing and infrastructure is not just a business concern — it’s a national risk that can impact industrial resilience and economic growth.”
The AI Threat Landscape
The report highlights that cybercriminals are increasingly abusing legitimate AI tools to craft convincing phishing emails, impersonations, and reconnaissance campaigns. While not fully integrated into the attack lifecycle yet, AI has already made threats more scalable and precise.
Techniques such as DLL injection (MITRE ATT&CK T1055.001) and obfuscated PowerShell scripts were among the most common attack methods observed.
The Road Ahead for Indian Enterprises
Experts stress that Indian businesses must move from reactive defences to AI-aware, behaviour-based cybersecurity models. Acronis recommends deploying Endpoint Detection and Response (EDR) solutions, auditing remote monitoring tools such as TeamViewer, and training employees against social engineering.
With ransomware still the “top dog” in cybercrime, India’s position at the top of the malware charts is a wake-up call. As cybercriminals get smarter with AI, enterprises must become smarter with security — or risk losing more than just data.
